7 Critical
0 High
0 Medium
0 Low
7 Total
43 IOCs
21 Sources
| Severity | Type | Title | Summary | Ecosystem | Published | Confidence | IOCs | Sources | Status |
|---|---|---|---|---|---|---|---|---|---|
| Critical | Supply Chain | node-ipc npm maintainer account abuse publishes credential-stealing releases | Malicious node-ipc releases 9.1.6, 9.2.3, and 12.0.1 abused npm package trust to steal developer and CI/CD secrets through import-time execution and DNS exfiltration. | npm node-ipc | 10h ago | High | 5 | 4 | Active |
| Critical | Supply Chain | Axios npm maintainer compromise delivers cross-platform RAT | Compromised Axios releases 1.14.1 and 0.30.4 added the malicious plain-crypto-js dependency to fetch cross-platform RAT payloads. | npm Axios HTTP client | 10h ago | High | 8 | 2 | Mitigated |
| Critical | Supply Chain | Typosquatted npm packages backdoor Claude Code sessions with SessionStart hooks | Five typosquatted npm packages installed a hidden ELF under .claude and registered it as a Claude Code SessionStart hook, turning package installation into repeated execution when affected projects open. | npm auth-javascript | 10h ago | High | 9 | 7 | Active |
| Critical | Supply Chain | Malicious @bitwarden/cli npm package steals developer and cloud credentials | Typosquatted @bitwarden/cli@2026.4.0 targeted developer workstations and CI/CD pipelines, harvesting secrets and attempting worm-like propagation. | npm Bitwarden CLI | 10h ago | High | 4 | 2 | Mitigated |
| Critical | Supply Chain | Checkmarx Jenkins AST plugin compromised via marketplace release | Malicious Checkmarx Jenkins AST plugin 2026.5.09 was available through the Jenkins Marketplace and executed through normal plugin lifecycle hooks. | Jenkins Marketplace Jenkins AST Scanner plugin | 10h ago | High | 6 | 2 | Mitigated |
| Critical | Supply Chain | Mini Shai-Hulud compromises npm and PyPI packages | Ongoing TeamPCP-linked campaign compromising npm and PyPI packages with credential-stealing payloads targeting developer and CI/CD secrets. | npm CAP / Cloud MTA Build Tool | 10h ago | High | 5 | 2 | Active |
| Critical | Supply Chain | TeamPCP compromises Trivy and expands across security tooling | TeamPCP weaponized trusted Trivy distribution channels and related CI/CD tooling to harvest credentials and exfiltrate encrypted archives. | Aqua Security Trivy | 10h ago | High | 6 | 2 | Active |